Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2011-07-21 CVE-2011-2520 Deserialization of Untrusted Data vulnerability in multiple products
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
local
low complexity
redhat fedoraproject CWE-502
7.8
2003-10-07 CVE-2003-0791 Deserialization of Untrusted Data vulnerability in multiple products
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
network
low complexity
mozilla sco CWE-502
critical
9.8